
System and method for securely storing and retrieving data in configuration files

Publishing Venue

The IP.com Prior Art Database

Abstract

This disclosure describes a method for securely storing and retrieving sensitive information such as a password in a configuration file. The disclosure uses a data access service that encrypts and decrypts sensitive data using a key that is more secure than simply storing a key in a file.

Country

Undisclosed

Language

English (United States)

This text was extracted from a PDF file.

This is the abbreviated version, containing approximately 52% of the total text.

Page 01 of 10

System and method for securely storing and retrieving data in configuration files

The problem is that sensitive configuration information, such as passwords, is often stored in configuration files, and storing it in plain text is a security exposure.

The first and most obvious solution is to configure filesystem security to prevent unauthorized access to sensitive information in configuration files. The problem with this is that in practice filesystem security is often not sufficiently maintained - examples include permissions granted to large numbers of users for "ease of use", or file permissions not being initially set to be secure.

Various techniques are described for manually encrypting data and manually storing it in configuration files. The problem is that at each place where sensitive configuration data is retrieved or stored, there must also be custom code to decrypt or encrypt the data.

The following solutions all refer to a service (such as an API in an application server) that retrieves and stores configuration data, referred to as the data access service.

One known solution is to have the data service encode sensitive data with a simple algorithm to prevent the data from being seen in plain text. When the data access service retrieves a sensitive field, it decodes it and returns the decoded value. When the sensitive field is stored, it encodes it and stores the encoded value. WebSphere* Application Server utilizes this method for passwords in its configuration files today. The problem with this method is that the encoding algorithm is not secure and the encoded data can be easily decoded.

Another technique is to have the data access service encrypt sensitive data in configuration files with a symmetric key (password) that is stored in a file that the data access service has access to. The data access service reads this symmetric key from the file and uses it to encrypt and decrypt sensitive data as it is stored and retrieved. The problem with this approach is that the key is stored in a file and is vulnerable if file system security is not adequately maintained.

This invention is a data access service that encrypts and decrypts sensitive data using a key that is more secure than simply storing a key in a file.

The advantage of this invention is that sensitive information is stored more securely, reducing the risk of security breaches.

There are three variations of this disclosure:

- A symmetric key that is passed in manually when the data access service is started.
- An asymmetric public/private key pair in a certificate in a keyring that is protected by the operating system and is accessible to the data access service. This solution employs the strongest cryptographic technique.
- A dynamically constructed symmetric key created by hashing known stable values in the environment. This solution is the easies...
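The data access service described above, as an added example that is not code from the disclosure or from WebSphere Application Server: a small Go service that holds an AES-256 key supplied when it starts (the first variation), encrypts fields marked as sensitive when a configuration map is stored, and decrypts them when the file content is retrieved. The `ENC:` prefix, the `key=value` file layout and the field names are assumptions made for the illustration. It goes slightly beyond the page in two ways: AES-GCM authenticates the ciphertext, so a value that was tampered with or encrypted under a different key is rejected rather than silently returned as garbage, and the field name is bound as associated data, so a ciphertext cut from one line and pasted into another line fails to decrypt.

```go
// Added example (not the disclosure's own code): a data access service that
// keeps its key only in memory, supplied at startup, and transparently
// encrypts/decrypts sensitive configuration fields with AES-256-GCM.
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"sort"
	"strings"
)

// encPrefix marks a stored value as ciphertext (assumed convention).
const encPrefix = "ENC:"

// DataAccessService is the single place where encryption happens; callers
// that store or retrieve configuration never see key material.
type DataAccessService struct {
	aead      cipher.AEAD
	sensitive map[string]bool // fields that must never be written in clear
}

// NewDataAccessService takes the 32-byte key passed in at startup
// (variation 1 in the disclosure) and the names of the sensitive fields.
func NewDataAccessService(key []byte, sensitiveFields ...string) (*DataAccessService, error) {
	if len(key) != 32 {
		return nil, errors.New("startup key must be 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	s := &DataAccessService{aead: aead, sensitive: map[string]bool{}}
	for _, f := range sensitiveFields {
		s.sensitive[f] = true
	}
	return s, nil
}

// seal encrypts one value with a fresh random nonce; the field name is the
// associated data, so a ciphertext is only valid for the field it was made for.
func (s *DataAccessService) seal(field, value string) (string, error) {
	nonce := make([]byte, s.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	ct := s.aead.Seal(nil, nonce, []byte(value), []byte(field))
	return encPrefix + base64.StdEncoding.EncodeToString(append(nonce, ct...)), nil
}

// open decrypts a stored value; a wrong key or any modification of the
// stored text makes GCM authentication fail and an error is returned.
func (s *DataAccessService) open(field, stored string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(stored, encPrefix))
	if err != nil {
		return "", err
	}
	n := s.aead.NonceSize()
	if len(raw) < n {
		return "", errors.New("ciphertext too short")
	}
	pt, err := s.aead.Open(nil, raw[:n], raw[n:], []byte(field))
	if err != nil {
		return "", fmt.Errorf("field %q: %w", field, err)
	}
	return string(pt), nil
}

// Store renders a configuration map as key=value lines, encrypting the
// fields registered as sensitive. The result is what gets written to disk.
func (s *DataAccessService) Store(cfg map[string]string) (string, error) {
	keys := make([]string, 0, len(cfg))
	for k := range cfg {
		keys = append(keys, k)
	}
	sort.Strings(keys) // deterministic file layout
	var b strings.Builder
	for _, k := range keys {
		v := cfg[k]
		if s.sensitive[k] {
			sealed, err := s.seal(k, v)
			if err != nil {
				return "", err
			}
			v = sealed
		}
		fmt.Fprintf(&b, "%s=%s\n", k, v)
	}
	return b.String(), nil
}

// Retrieve parses file content and decrypts ciphertext values. A sensitive
// field found in clear text is treated as a misconfiguration, not accepted.
func (s *DataAccessService) Retrieve(content string) (map[string]string, error) {
	cfg := map[string]string{}
	for _, line := range strings.Split(content, "\n") {
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		parts := strings.SplitN(line, "=", 2)
		if len(parts) != 2 {
			return nil, fmt.Errorf("malformed line %q", line)
		}
		k, v := parts[0], parts[1]
		if strings.HasPrefix(v, encPrefix) {
			pt, err := s.open(k, v)
			if err != nil {
				return nil, err
			}
			v = pt
		} else if s.sensitive[k] {
			return nil, fmt.Errorf("sensitive field %q stored in clear text", k)
		}
		cfg[k] = v
	}
	return cfg, nil
}

func main() {
	// Stand-in for the operator supplying the key at startup (constructed here).
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	svc, err := NewDataAccessService(key, "db.password")
	if err != nil {
		panic(err)
	}
	file, _ := svc.Store(map[string]string{"db.host": "db.internal", "db.password": "hunter2"})
	fmt.Print(file) // db.host in clear, db.password as ENC:<base64>
	cfg, _ := svc.Retrieve(file)
	fmt.Println("decrypted:", cfg["db.password"])
}
```

Because the key lives only in the service's memory, the file on disk is useless on its own even when filesystem permissions have drifted, which is the exposure the page describes for the file-stored-key approach; the operational cost is that someone has to supply the key at every restart.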